Summary:
15 new OPEN, 39 new PRO (15 + 24)
Added rules:
Open:
- 2069095 - ET MALWARE MixShell CnC Activity (GET) (malware.rules)
- 2069096 - ET MALWARE MixShell CnC Activity Response (malware.rules)
- 2069097 - ET WEB_SPECIFIC_APPS Array VPN fshare_template Arbitrary File Read (web_specific_apps.rules)
- 2069098 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (crystalaxishub .top) (exploit_kit.rules)
- 2069099 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (goldenvectorlab .top) (exploit_kit.rules)
- 2069100 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (crystalaxishub .top) (exploit_kit.rules)
- 2069101 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (goldenvectorlab .top) (exploit_kit.rules)
- 2069102 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (push-aws .tuckx .com) (malware.rules)
- 2069103 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (push-aws .tuckx .com) (malware.rules)
- 2069104 - ET INFO DYNAMIC_DNS Query to a *.southwestvoodoo .com domain (info.rules)
- 2069105 - ET INFO DYNAMIC_DNS HTTP Request to a *.southwestvoodoo .com domain (info.rules)
- 2069106 - ET INFO DYNAMIC_DNS Query to a *.antakshari .com domain (info.rules)
- 2069107 - ET INFO DYNAMIC_DNS HTTP Request to a *.antakshari .com domain (info.rules)
- 2069108 - ET INFO DYNAMIC_DNS Query to a *.medipath .com domain (info.rules)
- 2069109 - ET INFO DYNAMIC_DNS HTTP Request to a *.medipath .com domain (info.rules)
Pro:
- 2867400 - ETPRO WEB_SPECIFIC_APPS Silex Technology SD-330AC and AMC Manager Authenticated Stack Buffer Overflow (CVE-2026-32955) (web_specific_apps.rules)
- 2867401 - ETPRO EXPLOIT Silex Technology SD-330AC and AMC Manager sx_smpd Heap overflow via Payload Length (CVE-2026-32961) (exploit.rules)
- 2867402 - ETPRO WEB_SPECIFIC_APPS GFI Kerio Control HTTP Response Splitting (CVE-2024-52875) (web_specific_apps.rules)
- 2867403 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Remote Code Execution via Insecure Deserialization M1 (exploit.rules)
- 2867404 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Remote Code Execution via Insecure Deserialization M2 (exploit.rules)
- 2867405 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Arbitrary File Download M1 (exploit.rules)
- 2867406 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Arbitrary File Download M2 (exploit.rules)
- 2867407 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Arbitrary File Download M3 (exploit.rules)
- 2867408 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Arbitrary File Download M4 (exploit.rules)
- 2867409 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Arbitrary File Download M5 (exploit.rules)
- 2867410 - ETPRO EXPLOIT Cisco Security Manager Unauthenticated Arbitrary File Upload (exploit.rules)
- 2867411 - ETPRO EXPLOIT FreeScout Mail2Shell Zero-Click Unauthenticated RCE (CVE-2026-28289) (exploit.rules)
- 2867412 - ETPRO WEB_SPECIFIC_APPS Upsonic Unauthenticated OS Command Execution via MCP Task Creation (CVE-2026-30625) (web_specific_apps.rules)
- 2867413 - ETPRO WEB_SPECIFIC_APPS Flowise Authenticated OS Command Execution via MCP STDIO adapter (CVE-2026-40933) (web_specific_apps.rules)
- 2867414 - ETPRO EXPLOIT FastCGI IPC ReadParams Integer Overflow (CVE-2025-23016) (exploit.rules)
- 2867415 - ETPRO HUNTING FastCGI IPC ReadParams Abnormal Behavior MSB Set (hunting.rules)
- 2867416 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - PING Outbound (malware.rules)
- 2867417 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PING Outbound (malware.rules)
- 2867418 - ETPRO MALWARE TA584 Win32/XWorm CnC Command - Ping Inbound (malware.rules)
- 2867419 - ETPRO MALWARE TA584 Win32/XWorm V2 CnC Command - RD- Inbound (malware.rules)
- 2867420 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - sendPlugin Outbound (malware.rules)
- 2867421 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - Informations Outbound (malware.rules)
- 2867422 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - GetInformations Inbound (malware.rules)
- 2867423 - ETPRO MALWARE TA584 Win32/XWorm V3 CnC Command - PCShutdown Inbound (malware.rules)